CVE-2021-32561

CVE-2021-32561

EPSS 1.1%

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 https://octoprint.org/blog/2021/04/27/new-release-1.6.0/https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html